Communicating with consumers and delivering services to them through web applications has become very popular because of their user-friendly interfaces, global accessibility, and easy manageability. Careless design and development of web applications are the key reasons for security breaches, which are very alarming for users as well as web administrators. Currently, Local File Inclusion (LFI) vulnerabilities are commonly found in several web applications; they lead to remote code execution on the host server and initiate sensitive information disclosure. Detecting LFI vulnerabilities is becoming a critical concern for web owners who need to take effective measures to mitigate the risk. After reviewing the literature, we found that little research has been conducted on automated detection of LFI vulnerabilities. This paper proposes an automated LFI vulnerability detection model for web applications, SAISAN, and implements it as a tool. 265 web applications from four different sectors were examined, and the tool achieved 88% accuracy compared with the manual penetration testing method.